From ce58e04ccad738eea08e4510a1f189193683a3c9 Mon Sep 17 00:00:00 2001
From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com>
Date: Tue, 30 Jun 2020 11:45:23 +0200
Subject: [PATCH] #42 Add imagePullSecrets to ParseDefinition and ScanCompletionHooks
Co-authored-by: Jorge Estrigarribia
---
 operator/apis/execution/v1/parsedefinition_types.go | 6 ++++--
 operator/apis/execution/v1/scancompletionhook.go | 7 ++++---
 operator/apis/execution/v1/zz_generated.deepcopy.go | 12 +++++++++++-
 ...perimental.securecodebox.io_parsedefinitions.yaml | 11 +++++++++++
 ...imental.securecodebox.io_scancompletionhooks.yaml | 11 +++++++++++
 operator/controllers/execution/scan_controller.go | 2 ++
 ...perimental.securecodebox.io_parsedefinitions.yaml | 11 +++++++++++
 ...imental.securecodebox.io_scancompletionhooks.yaml | 11 +++++++++++
 8 files changed, 65 insertions(+), 6 deletions(-)
diff --git a/operator/apis/execution/v1/parsedefinition_types.go b/operator/apis/execution/v1/parsedefinition_types.go
index 69c92912..d7e0f8df 100644
--- a/operator/apis/execution/v1/parsedefinition_types.go
+++ b/operator/apis/execution/v1/parsedefinition_types.go
@@ -17,6 +17,7 @@ limitations under the License.
 package v1
 import (
+ corev1 "k8s.io/api/core/v1"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
@@ -29,8 +30,9 @@ type ParseDefinitionSpec struct {
 // Important: Run "make" to regenerate code after modifying this file
 // Foo is an example field of ParseDefinition. Edit ParseDefinition_types.go to remove/update
- HandlesResultsType string `json:"handlesResultsType,omitempty"`
- Image string `json:"image,omitempty"`
+ HandlesResultsType string `json:"handlesResultsType,omitempty"`
+ Image string `json:"image,omitempty"`
+ ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
 }
 // ParseDefinitionStatus defines the observed state of ParseDefinition
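Review bot: The new `ImagePullSecrets` field in `ParseDefinitionSpec` has no doc comment, and the scaffold comment `// Foo is an example field of ParseDefinition…` still sits above the real fields. The same field added to `ScanCompletionHookSpec` in scancompletionhook.go is undocumented too, which is why the generated CRD schemas in this patch carry no description for `imagePullSecrets`. I would add `// ImagePullSecrets names the Secrets used to pull Image; each reference is resolved in the namespace of the pod that runs it.` above both fields and drop the Foo placeholder. Because the field lets whoever can create these objects choose which registry credential a pod pulls with, the comment is also the place to say that write access to ParseDefinitions and ScanCompletionHooks should be granted accordingly.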
diff --git a/operator/apis/execution/v1/scancompletionhook.go b/operator/apis/execution/v1/scancompletionhook.go
index 6e8aa505..cac65c53 100644
--- a/operator/apis/execution/v1/scancompletionhook.go
+++ b/operator/apis/execution/v1/scancompletionhook.go
@@ -40,9 +40,10 @@ type ScanCompletionHookSpec struct {
 // Important: Run "make" to regenerate code after modifying this file
 // Image is the container image for the hooks kubernetes job
- Image string `json:"image,omitempty"`
- Env []corev1.EnvVar `json:"env,omitempty"`
- Type HookType `json:"type"`
+ Image string `json:"image,omitempty"`
+ ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
+ Env []corev1.EnvVar `json:"env,omitempty"`
+ Type HookType `json:"type"`
 }
 // ScanCompletionHookStatus defines the observed state of ScanCompletionHook
diff --git a/operator/apis/execution/v1/zz_generated.deepcopy.go b/operator/apis/execution/v1/zz_generated.deepcopy.go
index 3fadce74..55cc1a7f 100644
--- a/operator/apis/execution/v1/zz_generated.deepcopy.go
+++ b/operator/apis/execution/v1/zz_generated.deepcopy.go
@@ -98,7 +98,7 @@ func (in *ParseDefinition) DeepCopyInto(out *ParseDefinition) { *out = *in out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - out.Spec = in.Spec + in.Spec.DeepCopyInto(&out.Spec) out.Status = in.Status }
@@ -155,6 +155,11 @@ func (in *ParseDefinitionList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ParseDefinitionSpec) DeepCopyInto(out *ParseDefinitionSpec) { *out = *in + if in.ImagePullSecrets != nil { + in, out := &in.ImagePullSecrets, &out.ImagePullSecrets + *out = make([]corev1.LocalObjectReference, len(*in)) + copy(*out, *in) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ParseDefinitionSpec.
@@ -271,6 +276,11 @@ func (in *ScanCompletionHookList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ScanCompletionHookSpec) DeepCopyInto(out *ScanCompletionHookSpec) { *out = *in + if in.ImagePullSecrets != nil { + in, out := &in.ImagePullSecrets, &out.ImagePullSecrets + *out = make([]corev1.LocalObjectReference, len(*in)) + copy(*out, *in) + } if in.Env != nil { in, out := &in.Env, &out.Env *out = make([]corev1.EnvVar, len(*in)) diff --git a/operator/config/crd/bases/execution.experimental.securecodebox.io_parsedefinitions.yaml b/operator/config/crd/bases/execution.experimental.securecodebox.io_parsedefinitions.yaml index e518bed0..00293fec 100644 --- a/operator/config/crd/bases/execution.experimental.securecodebox.io_parsedefinitions.yaml +++ b/operator/config/crd/bases/execution.experimental.securecodebox.io_parsedefinitions.yaml @@ -50,6 +50,17 @@ spec: type: string image: type: string + imagePullSecrets: + items: + description: LocalObjectReference contains enough information to let + you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array type: object status: description: ParseDefinitionStatus defines the observed state of ParseDefinition diff --git a/operator/config/crd/bases/execution.experimental.securecodebox.io_scancompletionhooks.yaml b/operator/config/crd/bases/execution.experimental.securecodebox.io_scancompletionhooks.yaml index 5b7d72d0..2a4d168d 100644 --- a/operator/config/crd/bases/execution.experimental.securecodebox.io_scancompletionhooks.yaml +++ b/operator/config/crd/bases/execution.experimental.securecodebox.io_scancompletionhooks.yaml 
@@ -145,6 +145,17 @@ spec: image: description: Image is the container image for the hooks kubernetes job type: string + imagePullSecrets: + items: + description: LocalObjectReference contains enough information to let + you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array type: description: HookType Defines weather the hook should be able to change the findings or is run in a read only mode.
diff --git a/operator/controllers/execution/scan_controller.go b/operator/controllers/execution/scan_controller.go
index e90c0a49..9579df6f 100644
--- a/operator/controllers/execution/scan_controller.go
+++ b/operator/controllers/execution/scan_controller.go
@@ -416,6 +416,7 @@ func (r *ScanReconciler) startParser(scan *executionv1.Scan) error {
 Spec: corev1.PodSpec{
 RestartPolicy: corev1.RestartPolicyNever,
 ServiceAccountName: "parser",
+ ImagePullSecrets: parseDefinition.Spec.ImagePullSecrets,
 Containers: []corev1.Container{
 {
 Name: "parser",
@@ -1022,6 +1023,7 @@ func (r *ScanReconciler) createJobForHook(hook *executionv1.ScanCompletionHook,
 Spec: corev1.PodSpec{
 ServiceAccountName: serviceAccountName,
 RestartPolicy: corev1.RestartPolicyNever,
+ ImagePullSecrets: hook.Spec.ImagePullSecrets,
 Containers: []corev1.Container{
 {
 Name: "hook",
diff --git a/operator/crds/execution.experimental.securecodebox.io_parsedefinitions.yaml b/operator/crds/execution.experimental.securecodebox.io_parsedefinitions.yaml
index e518bed0..00293fec 100644
--- a/operator/crds/execution.experimental.securecodebox.io_parsedefinitions.yaml
+++ b/operator/crds/execution.experimental.securecodebox.io_parsedefinitions.yaml
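Review bot: Both added `ImagePullSecrets:` lines in scan_controller.go (in startParser and createJobForHook) copy the references into the PodSpec unchecked, so a reference whose Secret does not exist in the Job's namespace, or whose `name` is empty, is only noticed when the pod fails to pull a private image. Nothing in these hunks shows the Scan status reflecting that; if the reconciler does not already detect a parser or hook pod stuck on an image pull, the scan presumably waits with no visible reason. A short comment at each site would help, e.g. `// Secrets are looked up in the Job's namespace; a missing one shows up only as an image pull failure on the pod.` Both function bodies start and end outside the hunks, so the handling may exist elsewhere.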
@@ -50,6 +50,17 @@ spec: type: string image: type: string + imagePullSecrets: + items: + description: LocalObjectReference contains enough information to let + you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array type: object status: description: ParseDefinitionStatus defines the observed state of ParseDefinition diff --git a/operator/crds/execution.experimental.securecodebox.io_scancompletionhooks.yaml b/operator/crds/execution.experimental.securecodebox.io_scancompletionhooks.yaml index 5b7d72d0..2a4d168d 100644 --- a/operator/crds/execution.experimental.securecodebox.io_scancompletionhooks.yaml +++ b/operator/crds/execution.experimental.securecodebox.io_scancompletionhooks.yaml @@ -145,6 +145,17 @@ spec: image: description: Image is the container image for the hooks kubernetes job type: string + imagePullSecrets: + items: + description: LocalObjectReference contains enough information to let + you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array type: description: HookType Defines weather the hook should be able to change the findings or is run in a read only mode.